

Information Commissioner’s Office 


Consultation: Age appropriate design code 


Introduction 


The Information Commissioner is seeking feedback on her draft code of practice Age appropriate 
design: a code of practice for online services likely to be accessed by children (the code). 


The code will provide guidance on the design standards that the Commissioner will expect 
providers of online ‘Information Society Services’ (ISS), which process personal data and are likely 
to be accessed by children, to meet. 


The code is now out for public consultation and will remain open until 31 May 2019. The 
Information Commissioner welcomes feedback on the specific questions set out below. 


For this consultation, we will publish all responses except for those where the respondent indicates
that they are an individual acting in a private capacity (e.g. a member of the public or a parent). All 
responses from organisations and individuals responding in a professional capacity (e.g. 
academics, child development experts, sole traders, child minders, education professionals) will be 
published. We will remove email addresses and telephone numbers from these responses but 
apart from this, we will publish them in full. 


For more information about what we do with personal data please see our privacy notice. 


Please note, we are using the platform Snap Surveys to gather this information. Any data collected 
by Snap Surveys for ICO is stored on UK servers. You can read their Privacy Policy here. 


Section 1: Your views on the code 


Is the ‘About this code’ section clearly communicated? 
Q1 @ Yes
O No 


If no, then please provide your reasons for this view. 
Q1a


Is the 'Services covered by this code' section clearly communicated? 
Q2 ©) Yes 

© No 

If no, then please provide your reasons for this view. 


Q2a The definition is so broad it covers almost any electronic device, even internet controlled lightbulbs or TV 
sets that support nothing more than internet updating. 


Section 2: Your views on the draft standards 


There are 16 draft standards in the code. You can comment on all the draft
standards, or focus on a single standard. If you do not want to answer questions on a 
standard please press skip. 


The standards are: 


12) Nudge techniques 


16) Governance and accountability 


Best interests of the child: The best interests of the child should be a primary
consideration when you design and develop online services likely to be accessed
by a child.


Q3 =@) I would like to comment on this standard 


©) Skip 


Have we communicated our expectations for this standard clearly? 
Q4 Q Yes 

O No 

If no, then please give reasons for your answer. 
Q4a 


Q5 


Q5a 


Q6 


Q6a 


©) Yes 
© No 


If yes, then please give reasons for your answer. 


© Yes 
©) No 


It leads to a series of unintended and bad consequences. 1. The fact that non-UK resident 
bodies are not covered means that it will encourage vendors with a small UK presence to 
leave the UK cutting the tax base, reducing service quality and employment. 2. It adds to the 
burden of designing (and major redesign) of web sites so there is a large commercial cost 
which is likely to be met in many cases by simply prohibiting anyone under 18, or by closing 
down and moving to amazon and other major sites, harming profitability and increasing the 
control a tiny number of massive, low tax paying US companies have on the UK 3. It 
assumes we will remain in the EU with its focus on GDPR one stop shop. The EU has been 
fairly clear that when/if the UK leaves the arrangements will no longer apply without an 
agreement. That represents a huge risk of driving even more business out of the UK 4. In the 
case of apps, it is likely that compliance cost for older apps will result in many vendors just 
marking them in web stores as 'not available in the UK’. 


1. Timescale. - A lot of services already exist and updating them to meet these standards will take many 
months of programming work. Quite a few services are no longer actively modified but just maintained. In 
those cases it will be necessary to re-commence work, or just shut down the product in the UK. That in 
some cases will result in customers losing things like games and rights managed access to books and 
music - For devices with an online element the software is often burned into the product and cannot be 
updated easily. In some cases regulatory compliance is also very very slow. A good example is in car 
entertainment systems that talk to the internet. 


Q8 


Q8a 


Q9 


Q9a 


Q10 


© Yes 
C) No 


For 'new' services it probably needs to be a year or so (that being a typical 
development cycle for things like a new game). Many existing services could 
probably be updated in the one year timescale (or could bar anyone under 18 or from 
the UK within that timescale). A lot of existing appliances that are internet connected 
and may fall into the category - eg because they offer updates or things like online 
streaming within a product may well not be upgradable to meet such a regulation - 
ever. 


Do you know of any online resources that you think could be usefully linked to 
from this section of the code? 

O Yes 

© No 


If yes, then please provide details (including links). 


the age range of your audience and 
the needs of children of different ages. Apply the standards in this code to all 
users, unless you have robust age-verification mechanisms to distinguish adults 
from children. 


© I would like to comment on this standard 


©) Skip 


Q11 O©O Yes


© No 
If no, then please give reasons for your answer. 


Q11a There are no working robust age verification mechanisms on the internet. This is a
fiction, we know this from the pornography situation and everything that has been
tried.


Q12 ©) Yes 

© No 

If yes, then please give reasons for your answer. 
Q12a 


Q13 @ Yes 
©) No 


Q13a It places an enormous regulatory burden upon UK small businesses that will simply
drive all e-commerce onto large US low tax paying sites to the detriment of the UK as
a place to do business and to the UK tax take. The standard is simply too high
because of the lack of effective age verification, and the lack of definition of what is
robust within the guidance. For sites targeted at children the policy is reasonable but
children could access any site.


Do you envisage any feasibility challenges to online services delivering this 
standard? 
Q14 @ Yes 


© No 
If yes, then please provide details of what you think the challenges are and how you 
think they could be overcome? 


Q14a 1. 'robust' is not defined 2. It's over-inclusive 3. The timescale of 3 months is
impossible 


Q15 @ Yes 
O No 


Q15a As described under 'Best Interests of the Child'


Q16 ©) Yes 

© No 

If yes, then please provide details (including links). 
Q16a 


The privacy information you provide to users, and other 
published terms, policies and community standards, must be concise, 
prominent and in clear language suited to the age of the child. Provide 
additional specific ‘bite-sized’ explanations about how you use personal data at 
the point that use is activated. 


Q17  @ I would like to respond to this standard 


©) Skip 


Q18 © Yes 
©) No 


If no, then please give reasons for your answer. 
Q18a 


Q19 Ọ Yes 
© No 


If yes, then please give reasons for your answer. 
Q19a 


Q20 @ Yes 
©) No 


Q20a As described under 'Best Interests of the Child' - it will drive everything onto a small 
number of large US platforms that can handle compliance costs, reduce profitability of 
UK small business and the UK tax take. 


Q21 © Yes
©) No 


Q21a The age of the potential child is unknown. There is no valid robust age verification 
system on the internet. In addition a lot of sites do not want to know the age of their 
users as that is collecting personal data they currently have no need to do so. Thus 
compliance will require every site asks and stores the user's age related data. It
requires significant redesign of application user interfaces which takes a lot of time to 
test and roll out. In many cases it will not be commercially viable so the application 
will simply get blocked from the UK 


Q22 @ Yes 
©) No 


Q22a 1. Privacy documents require legal review. For a small business this is expensive and 
very very slow. 2. It requires significant redesign of application user interfaces which 
takes a lot of time to test and roll out. In many cases it will not be commercially 
viable so the app will take time to update. A year is probably the minimum 
reasonable time to update a complex web site or application 3. There are many 
existing internet connected devices that cannot be remotely updated and brought into 
compliance. 


Do you know of any online resources that you think could be usefully linked to from 
this section of the code? 

Q23 © Yes 
©) No 


If yes, then please provide details (including links). 


Q23a 


Q24 @ I would like to respond to this standard 


©) Skip 


Have we communicated our expectations for this standard clearly? 
Q25  @ Yes 
©) No 


If no, then please give reasons for your answer. 


Q25a 


Q26 Ọ Yes 
© No 


If yes, then please give reasons for your answer. 
Q26a 


Q27 © Yes 
©) No 


Q27a Your compliance requires robust age verification and forces sites to ask age data, and 
for other personal data in order to verify ages. That creates another giant pool of 
personal data that most smaller sites today do not collect, do not want to collect and 
in truth we all know do not have the security competence to store safely. 


Q28 © Yes 
©) No 


Q28a The fact that the code would require collection of quantities of excessive personal 
data to even be in compliance. 


Q29 @ Yes 
O No 


Q29a As stated in all the other answers it takes a long time to update applications or 
websites, in some cases it will not be possible 


Q30 ©) Yes 

© No 

If yes, then please provide details (including links). 
Q30a 


Q31  @ I would like to respond to this standard 
©) Skip 
Q32 @ Yes 
©) No 
If no, then please give reasons for your answer. 
Q32a 
Do you have any examples that you think could be used to illustrate the approach we 
are advocating to this standard? 
Q33 © Yes 


© No 


If yes, then please give reasons for your answer. 
Q33a 


Q34 (©) Yes 
© No 


If yes, then please give reasons for your answer. 
Q34a 


Q35 Ọ Yes 
© No 


If yes, then please provide details of what you think the challenges are and how you 
think they could be overcome? 


Q35a 


Q36 ©) Yes 
© No 


If yes, then please provide your reasons for this view, and give an indication of what 
you think a reasonable transition period would be and why. 


Q36a 


Q37 ©) Yes 
© No 


If yes, then please provide details (including links). 
Q37a 


Q38 @ I would like to respond to this standard 


©) Skip 


Q39 © Yes 
O No 


If no, then please give reasons for your answer. 
Q39a 


Q40 C) Yes 
© No 


If yes, then please give reasons for your answer. 
Q40a 


Q41 @ Yes 
©) No 


Q41a The highest privacy level would be not collecting age data. However your compliance 
requires robust age verification so this contradicts your own requirements. 


Q42  @ Yes 
©) No 


If yes, then please provide details of what you think the challenges are and how you 
think they could be overcome? 


Q42a The fact that high privacy and age verification are fundamentally contradictory 
requirements 


Q43 @ Yes 
O No 


Q43a It's not possible to comply with both these rules. No transition period would be
long enough.


Q44 ©) Yes 
© No 


If yes, then please provide details (including links). 
Q44a 


Q45  @ I would like to respond to this standard 


©) Skip 


Q46 @ Yes 
O No 


If no, then please give reasons for your answer. 
Q46a 


Q47 ©) Yes 
© No 


If yes, then please give reasons for your answer. 
Q47a 


Q48 @ Yes 
O No 


Q48a Robust age verification is in direct contradiction to data minimization. The need to
know the age of the user in order to present privacy data is in direct contradiction to
this requirement. Forcing the collection of more data by small businesses guarantees
an endless stream of leaks and security failures.


Q49 @ Yes 
O No 


Q49a The parts of the proposal are in direct conflict with one another. It is not possible to 
do true data minimization when you are required to do age related processing. 


Q50 @ Yes 
O No 


Q50a It is not possible to meet this standard and the rules on age. No transition period is 
long enough 


Q51 Ọ Yes 
© No 


If yes, then please provide details (including links). 
Q51a 


Q52 © I would like to respond to this standard


©) Skip 


Q53 @ Yes 

O No 

If no, then please give reasons for your answer. 
Q53a 


Q54 C) Yes 
© No 


If yes, then please give reasons for your answer. 
Q54a 


Q55 () Yes 
© No 


If yes, then please give reasons for your answer. 
Q55a 


Q56 () Yes 
© No 


If yes, then please provide details of what you think the challenges are and how you 
think they could be overcome? 


Q56a 


Q57 @ Yes 
O No 


Q57a Software and processes take longer than 3 months to update. Some devices may 
never be able to reach the standard required 


Q58 Ọ Yes 
© No 


If yes, then please provide details (including links). 
Q58a 


Geolocation: Switch geolocation options off by default (unless you can 
demonstrate a compelling reason for geolocation, taking account of the best 
interests of the child), and provide an obvious sign for children when location 
tracking is active. Options which make a child's location visible to others must 
default back to off at the end of each session. 


Q59  @ I would like to respond to this standard 


©) Skip 


Q60 @ Yes 
O No 


If no, then please give reasons for your answer. 
Q60a 


Q61 © Yes 

© No 

If yes, then please give reasons for your answer. 
Q61a


Q62 C) Yes 

© No 

If yes, then please give reasons for your answer. 
Q62a 


Q63 ©) Yes 
© No 


If yes, then please provide details of what you think the challenges are and how you 
think they could be overcome? 


Q63a 


Q64 @ Yes 
O No 


Q64a Software and processes take longer than 3 months to update. Some devices may
never be able to reach the standard required. In this particular category some of the
e-tracking watches come to mind.


Q65 Ọ Yes 
© No 


If yes, then please provide details (including links). 
Q65a 


provide an 
obvious sign to the child when they are being monitored. 


Q66 © I would like to respond to this standard


©) Skip 


Q67 @ Yes 
O No 


If no, then please give reasons for your answer. 
Q67a 


Q68 C) Yes 
© No 


If yes, then please give reasons for your answer. 
Q68a 


Q69 @ Yes 
O No 


Q69a Giving the user a canary that allows them to ascertain if/when they are being 
monitored also allows them to use it as a key to identify whether their attempts to 
break/hack/disable the monitoring are working. That represents a difficult balance. 
Compliance is also a challenge for existing devices and old software and it may be the
only way to get compliance is to remote kill children's toys that would otherwise work
fine, and disable apps from UK availability. 


Q70 @ Yes 
O No 


Q70a The standard does not consider non visual devices, nor does it consider blind users
and accessibility software. Making the information available on such things is
extremely hard, especially for small children who may not read. Consider for example
how an internet baby alarm would communicate to a baby that it is being monitored
in a way the child understands. Now do that for an existing product where there is no 
functionality available to meet compliance. Similar problems exist for most speech 
communicating devices and toys. 


Q71 @ Yes 
O No 


Q71a Existing devices in many cases could not be retrofitted. Others will take longer as the 
process to update them is not trivial. Realistically for devices this needs to be a code 
for new products or for updates to existing ones where practicable. 


Q72 Ọ Yes 
© No 


If yes, then please provide details (including links). 
Q72a 


Profiling: Switch options which use profiling off by default (unless you can 
demonstrate a compelling reason for profiling, taking account of the best 
interests of the child). Only allow profiling if you have appropriate measures in 
place to protect the child from any harmful effects (in particular, being fed 
content that is detrimental to their health or wellbeing). 


Q73  @ I would like to respond to this standard 


©) Skip 


Q74 @ Yes 
©) No 


If no, then please give reasons for your answer. 
Q74a 


Q75 © Yes 
© No 


If yes, then please give reasons for your answer. 
Q75a 


Q76 ©) Yes 
© No 


If yes, then please give reasons for your answer. 
Q76a 


Q77 ©) Yes 
© No 


If yes, then please provide details of what you think the challenges are and how you 
think they could be overcome? 


Q77a 


Q78 © Yes 
© No 


Q78a Devices and software take at least a year to do a full update cycle. In addition some 
of them may never be updatable sufficiently. 


If yes, then please provide details (including links). 
Q79a 


Nudge techniques: Do not use nudge techniques to lead or encourage children 
to provide unnecessary personal data, weaken or turn off privacy protections, 
or extend use. 


Q80 (`) I would like to respond to this standard 


© skip 


Have we communicated our expectations for this standard clearly? 
Q81 ©) Yes 

©) No 

If no, then please give reasons for your answer. 
Q81a


Do you have any examples that you think could be used to illustrate the 
approach we are advocating to this standard? 


Q82 ©) Yes 

© No 

If yes, then please give reasons for your answer. 
Q82a 


Do you think this standard gives rise to any unwarranted or unintended 
consequences? 


Q83 () Yes 

© No 

If yes, then please give reasons for your answer. 
Q83a 


Do you envisage any feasibility challenges to online services delivering this 
standard? 

Q84 O Yes 
©) No 
If yes, then please provide details of what you think the challenges are and how you 
think they could be overcome? 

Q84a 


Q85 


Q85a 


Q86 


Q86a 


Q88 


Q88a 


Q89 


Q89a 


Q90 


Q90a 


Do you think this standard requires a transition period of any longer than 3 
months after the code comes into force? 


©) Yes 
O No 


If yes, then please provide your reasons for this view, and give an indication of what 
you think a reasonable transition period would be and why. 


Do you know of any online resources that you think could be usefully linked to 
from this section of the code? 


©) Yes 
O No 


If yes, then please provide details (including links). 


© I would like to respond to this standard 


©) Skip 


© Yes 
C) No 


If no, then please give reasons for your answer. 


O Yes 
© No 


If yes, then please give reasons for your answer. 


©) Yes 
© No 


If yes, then please give reasons for your answer. 


Do you envisage any feasibility challenges to online services delivering this 
standard? 

Q91 ©) Yes 
O No 


If yes, then please provide details of what you think the challenges are and how you 
think they could be overcome? 


Q91a


Q92 @ Yes 
O No 


Q92a It is difficult to imagine how many existing toys could be remote updated to comply
with this standard. Having a set of rules backed by a large financial threat is asking
companies to remote kill children's toys to avoid risk. That is *not* a good thing.
Certainly anything new ought to be compliant within a year, but it is difficult to see how
some existing products could ever become so. Possibly there needs to be a different 
process for such products where, as far as feasible, the vendor is instead required to 
notify the purchaser of the non-compliance elements and the fact they cannot be 
retro-fitted. 


Do you know of any online resources that you think could be usefully linked to from 
this section of the code? 

Q93 © Yes 
© No 


If yes, then please provide details (including links). 


Q93a 


Q94  @ I would like to respond to this standard


©) Skip 


Q95 @ Yes 
© No 


If no, then please give reasons for your answer. 
Q95a 


Q96 () Yes 
© No 


If yes, then please give reasons for your answer. 
Q96a 


Q97 @ Yes 
©) No 


Q97a Again this will drive businesses onto the large US platforms in order to avoid
compliance costs. Much more clarity is needed. An explanation of how a site is
magically going to discover the owner's age is needed. Compliance is likely to lead to
many vendors simply killing services and products in the UK. Children will find their 
games vanished from their computers for example. 


Q98 @ Yes 
©) No 


Q98a The privacy and data collection minimisation requirements fundamentally conflict with 
the requirement to provide age specific responses and behaviour. At minimum the 
guidance needs to say something like "A site or service that is not intended for 
children, and does not otherwise collect age data may assume that anyone visiting it 
is at least ten years old and must show suitability guidance appropriate for the 10+ 
age range." In essence there needs to be a clear divide between ‘incidentally visited 
by children’ (such as most small business sites) and ‘intended for/likely to attract 
children’, where more specific regulation is appropriate. You could for example 
imagine an appropriate 10+ message explaining that the site is for adults purchasing 
products, asking if you are 18+ and explaining personal data usage. Even on many 
child friendly asking and storing ages is in many cases needlessly invasive and 
guidance on providing wide range appropriate information instead of narrow age 


Q99 @ Yes 
©) No 


Q99a It takes a long time to retrofit existing sites. Products may not be able to reach the
new standards. A year is the minimum timescale for much of this, and for many 
products it will not be possible. 


Q100 Ç) Yes 
© No 


Q100a If yes, then please provide details (including links).


Governance and accountability: Ensure you have policies and procedures in
place which demonstrate how you comply with data protection obligations,
including data protection training for all staff involved in the design and
development of online services likely to be accessed by children. Ensure that
your policies, procedures and terms of service demonstrate compliance with the
provisions of this code


©) I would like to respond to this standard 


© skip 


Q101 


Have we communicated our expectations for this standard clearly? 
Q102 ©) Yes 
O No 


Q102a If no, then please give reasons for your answer.


Q107 


Q107 
a 


Do you have any examples that you think could be used to illustrate the approach we 
are advocating to this standard? 


Yes 


No 
If yes, then please give reasons for your answer. 


Do you think this standard gives rise to any unwarranted or unintended 
consequences? 


Yes 


No 
If yes, then please give reasons for your answer. 


Do you envisage any feasibility challenges to online services delivering this standard? 
Yes 


No 


If yes, then please provide details of what you think the challenges are and how you 
think they could be overcome? 


Do you think this standard requires a transition period of any longer than 3 
months after the code comes into force? 

Yes 

No 


If yes, then please provide your reasons for this view, and give an indication of what 
you think a reasonable transition period would be and why. 


Do you know of any online resources that you think could be usefully linked to 
from this section of the code? 


Yes 
No 
If yes, then please provide details (including links). 


Section 3: Your views on the code sections 


Q108 © Yes 
O No 


Q108a If no, then please provide your reasons for this view.


Q109 @ Yes 
©) No 


Q109a If no, then please provide your reasons for this view.


Q110 ©) Yes 
© No 


Q110a If yes, then please provide your reasons for this view.


Q111 @ Yes 
©) No 


Q111a If no, then please provide your reasons for this view.


Q112 ©) Yes 
© No 


Q112a If yes, then please provide your reasons for this view.


Q113 © Yes 
© No 


Q113a If yes, then please provide details (including links).


Q114 @ Yes 
O No 


Q114a If no, then please provide your reasons for this view.


Q115 @ Yes 
©) No 


Q115a If no, then please provide your reasons for this view.


Q116 © Yes 
©) No 


Q116a If yes, then please provide your reasons for this view.


Guidance on how to implement robust age verification without collecting any private
data
Section 4: About you 


Are you answering as: 

Q117 ©) A body representing the views or interests of children 
O A body representing the views or interests of parents 
©) A child development expert 
©) An academic 
© An individual acting in another professional capacity 
O A provider of an ISS likely to be accessed by children 
O A trade association representing ISS providers 


O An individual acting in a private capacity (e.g. someone providing their views as a 
member of the public or a parent)?


O An ICO employee 
O Other 
Q117a Please specify:
Owner of a business that would have to meet some of these rules


Q117b Please specify:


Q118 Etched Pixels Digital Design 


Thank you for responding to this consultation 
We value your input. 


